search for: nf_mark

...mark value, and after hours of reading and googling I can not get the syntax right. It got to be something very simple, yet I can''t find it. Any help will be greatly appreciated. Thanks! root@Arzamas:/etc/init.d# tc filter add dev wan_b protocol ip prio 2 parent 1:0 basic match meta\(nf_mark mask 0x80 eq 0x80\) flowid 1:0x80 RTNETLINK answers: No such file or directory We have an error talking to the kernel root@Arzamas:/etc/init.d# root@Arzamas:/etc/init.d# tc qdisc show dev wan_b qdisc htb 1: r2q 10 default 2 direct_packets_stat 0 root@Arzamas:/etc/init.d# root@Arzamas:/etc/init.d#...

...packets as I am expecting it to based on my ruleset. My tc qdiscs and classes are added correctly and report as I''d expect with "tc -s -d qdisc show dev eth1", and the filters seem to report what I want.  The iptables script is set correctly, which I verified by testing for the NF_MARK that was expected on the packets.  Pay particular attention to NF_MARK 0xFF, which I want to end up in tc class 20:1.  However, when I run "tc -s -d class show dev eth1" I see nothing going into 20:1, and lots going into 20:2.  Full output of these commands appears near the bottom of this...

Hi All, I need to do some tricky filtering stuff. Can anyone tell me if any of the following are possible? * match on a combination of firewall mark AND u32 criteria. ie. handle 6 fw AND u32 match ip src 1.2.3.4/32 - to match packets from 1.2.3.4 which have been marked elsewhere OR * to OR the values of u32 matches. Something like u32 match ip src 1.2.3.4/32 OR match ip dst 1.2.3.4/32 - to